

United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office 

Address: COMMISSIONER FOR PATENTS 
P.O. Box 1450 

Alexandria, Virginia 22313-1450 
www.uspto.gov 



APPLICATION NO. 


FILING DATE 


FIRST NAMED INVENTOR 


ATTORNEY DOCKET NO. 


CONFIRMATION NO. 


10/731,629 


12/09/2003 


Phyllis J. Michaelides 


07002.0053.N 


4733 



23369 7590 10/06/2005 

HOWREY LLP 

C/O IP DOCKETING DEPARTMENT 
2941 FAIR VIEW PARK DRIVE, SUITE 200 
FALLS CHURCH, VA 22042-7195 



EXAMINER 



SHERKAT, AREZOO 



ART UNIT 



PAPER NUMBER 



2131 

DATE MAILED: 10/06/2005 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



in 

J 1 




Application No. 


Applicant(s) 




Office Action Summarv 


10/731,629 


MICHAELIDES, PHYLLIS J. 


Examiner 

Arezoo Sherkat 


Art Unit 

2131 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)13 Responsive to communication(s) filed on 09 December 2003 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-31 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1-31 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) £3 The drawing(s) filed on 09 December 2003 is/are: a)S accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C, § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attachment) s) 

1) ^ Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-413) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) S Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) 5) □ Notice of Informal Patent Application (PTO-152) 

Paper No(s)/Mail Date 12/9/2003 . 6) □ Other: . 



U.S. Patent and Trademark Office 

PTOL-326 (Rev. 7-05) 



Office Action Summary 



Part of Paper No./Mail Date 20050930 



Application/Control Number: 10/731,629 
Art Unit: 2131 



Page 2 



DETAILED ACTION 

Claims 1-31 are presented for examination. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-31 are rejected under 35 U.S.C. 102(b) as being anticipated by Gupta 
et al., (U.S. Patent No. 6,226,752 and Gupta hereinafter). 

Regarding claims 1, 3, and 14, Gupta discloses a generic token-bmsed system 
for intepating a target application on a first server to an authentication system for 
authenticating users of the target application, the generic system comprising a second 
server coupled to a database of configuration information about a login process for the 
target application, the second server being propammed to access the database of 
configuration information to conduct the login process with a user of the target 
application and to use the authentication system to authenticate the user and to issue at 
least one token to enable the user to access the target application once the 
authentication system authenticates the user, wherein the second server is 
programmed to receive a Uniform Resource Locator including an identification of the 
target application, and the second server is further progammed to use the identification 
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of the target application for looking up the configuration information for the login process 
from the database (Col. 3, lines 22-67 and Col. 4, lines 1-50). 

Regarding claims 18, 27, and 31, Gupta dicloses a method of using an 
authentication system for authenticating users of a target application on a first server, 
the method comprising maintaining a databmse of configuration information about a 
login process for the target application, and using a second server to access the 
database of configuration information to conduct the login process with a user of the 
target application and to use the authentication system to authenticate the user and to 
issue at least one token to enable the user to access the target application once the 
authentication system has authenticated the user, wherein a data network couples the 
first server to the second server, and the second server receives a Uniform Resotlrce 
Locator including an identifcation of the target application and uses the identification of 
the target integrated with the authentication system, and pages for creating and editing 
a selected one of the target applications (Col. 11, lines 25-67, Col. 12, lines 1-67 and 
Col. 13, lines 1-19). 

Regarding claims 2 and 19, Gupta discloses wherein the authentication system is 
a centralized authentication system of a business organization, and the target 
application is in a third-party web server coupled by a network to the centralized 
authentication system, and the login process includes redirection of a user login request 
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from the third-party web server to a server accessing the databmse and the centralized 
authentication system (Col. 11, lines 25-67, Col. 12, lines 1-67 and Col. 13, lines 1-19). 

Regarding claims 4 and 20, Gupta discloses wherein the configuration database 
includes configuration information for configuring a plurality of applications to the 
authentication system, the target application transmits a Uniform Resource Locator 
including an identification of the target application, and the method includes obtaining 
the identification of the target application from the Uniform Resource Locator, and using 
the identification of the target application for looking up the configuration information for 
the target application from the database (Col. 11, lines 25-67, Col. 12, lines 1-67 and 
Col. 13, lines 1-19). 

Regarding claims 5, 15, 21 , and 28, Gupta discloses wherein the server is 
programmed to obtain from the database configuration information defining an inbound 
parameter, and the server is programmed to receive the inbound parameter from the 
target application (Col. 5, lines 43-67 and Col. 6, lines 1-45). 

Regarding claims 6, 16, 22, and 29, Gupta discloses wherein the server is 
programmed to obtain from the database configuration information defining a natural 
language, and the server is programmed to use the natural language for communication 
with the user during the login process (Col. 2, lines 15-67 and Col. 3, lines 1-14). 
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Regarding claims 7, 17, 23, and 30, Gupta discloses wherein the server is 
programmed to obtain from the database configuration information defining an outbound 
parameter, and the server is programmed to send the outbound parameter to the target 
application once the authentication system has authenticated the user (Col. 5, lines 43- 
67 and Col. 6, lines 1-45). 

Regarding claims 10 and 26, Gupta discloses wherein the graphical user 
interface includes at least one page for exporting and importing authentication 
integration projects (Col. 2, lines 34-50). 

Regarding claim 12, Gupta discloses wherein the server includes a data cache 
coupled to the database (Col. 13, lines 20-29). 

Regarding claim 13, Gupta discloses wherein the server is programmed with a 
plurality of authentication modules for integrating respective target applications to the 
authentication system, and the server is programmed with an authentication module 
controller for directing user login requests to the respective authentication modules (Col. 
11, lines 10-67, Col.12, lines 1-41). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 9 and 25 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Gupta et al., (U.S. Patent No. 6,226,752 and Gupta hereinafter), in view of Khidekel et 
al., (U.S. Publication No. 2001/0027527 and Khidekel hereinafter). 

Teachings of Gupta with regard to limitations of claims 1 and 18 have been 
discussed previously. 

Regarding claims 9 and 25, Gupta discloses wherein the administrative 
application is programmed to present a graphical user interface to the system 
administrator for creating and editing the configuration information, and the graphical 
user interface includes pages for selecting a natural language for conducting the login 
process (Col. 2, lines 15-67 and Col. 3, lines 1-14), for specifying inbound parameters to 
be received from the target application and outbound parnmeters to be sent to the 
target application, for configuring at least one authorization setting, for configuring at 
least one token (Col. 5, lines 43-67 and Col. 6, lines 1-45). 

Gupta does not expressly disclose an encryption option for encrypting the token. 

However, Khidekel discloses a token that can include a non-encrypted portion 
and an encrypted portion (Page 3, Par. 0034). 

Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of 
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Khidekel because it would allow to include a token that can include a non-encrypted 
portion and an encrypted portion as disclosed by Khidekel. This modification would 
have been obvious because one of ordinary skill in the art would have been motivated 
by the suggestion of Khidekel to provide for more security. 

Claims 8, 11, and 24 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Gupta et al., (U.S. Patent No. 6,226,752 and Gupta hereinafter), in view of 
Moshfeghi, (U.S. Patent No. 6,476,833). 

Teachings of Gupta with regard to limitations of claims 1 and 18 have been 
discussed previously. 

Regarding claims 8 and 24, Gupta does not expressly disclose creating and 
editing the configuration information and the graphical user interface including pages for 
listing active and inactive target applications integrated with the authentication system. 

However, Moshfeghi discloses wherein the administrative application is 
programmed to present a graphical user interface to the system administrator for 
creating and editing the configuration information, and the graphical user interface 
includes pages for listing active and inactive target applications integrated with the 
authentication system, and pages for creating and editing a selected one of the target 
applications (Col. 3, lines 7-50). 
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Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of 
Moshfeghi because it would allow to include creating and editing the configuration 
information, and the graphical user interface includes pages for listing active and 
inactive target applications integrated with the authentication system, and pages for 
creating and editing a selected one of the target applications as disclosed by 
Moshfeghi. This modification would have been obvious because one of ordinary skill in 
the art would have been motivated by the suggestion of Moshfeghi to dynamically 
create a personalized user home page listing all links allowed to the user (Moshfeghi, 
Col. 3, lines 25-42). 

Regarding claim 11, Gupta does not expressly disclose creating and editing the 
configuration information, the administrative application includes a series of action 
modules for presenting respective pages of the graphical user interface to the system 
administrator. 

However, Moshfeghi discloses wherein the administrative application is 
programmed to present a graphical user interface to the system administrator for 
creating and editing the configuration information, the administrative application 
includes a series of action modules for presenting respective pages of the graphical 
user interface to the system administrator, and the action modules are programmed for 
invoking business logic (Col.11, lines 5-67 and Col. 12, lines 1-67 and Col. 13, lines 1- 
39). 
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Therefore, it would have been obvious to a person of ordinary skill in the art at 
the time of applicant's invention to modify teachings of Gupta with teachings of 
Moshfeghi because it would allow to include a graphical user interface to the system 
administrator for creating and editing the configuration information as disclosed by 
Moshfeghi. This modification would have been obvious because one of ordinary skill in 
the art would have been motivated by the suggestion of Moshfeghi to provide a method 
for changing the resource access and browsing function privileges of users by editing 
the content of their user profiles (Moshfeghi, Col. 3, lines 7-25). 



Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Gue et al, (U.S. Publication No. 2005/0120121), 
Mitchell et al, (U.S. Publication No. 2005/0216773), 
Barnett et al., (U.S. Publication No. 2002/0111814), and 
Chan et al., (U.S. Publication No. (2004/0123144). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Arezoo Sherkat whose telephone number is (571 ) 272- 
3796. The examiner can normally be reached on 8:00-4:30 Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on (571 ) 272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 





Arezoo Sherkat 
Patent Examiner 
Group 2131 
Sep. 30, 2005 



